tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Gibson <jgib...@shakethebaby.com>
Subject Domain Names for Session Cookies
Date Fri, 16 Apr 2004 21:34:31 GMT
I'm running Tomcat 4.0.6 with Apache 2.0.46 on RedHat Advanced Server 
and I'm running into a problem with the domain for session cookies.

I have a host setup as foobar.com with an alias of www.foobar.com.
When a client visits foobar.com I create a cookie-based session for the 
user.  Everything behaves correctly as long as all of the user's 
requests to the server begin with foobar.com, however if the user visits 
www.foobar.com the browser will not send the session cookie and 
vice-versa.  As far as I can tell this is because the session cookies 
that Tomcat creates have a domain that matches the requested domain. 
However, if the cookies were created with a domain of ".foobar.com" then 
they browser would send the cookie to both http://foobar.com and 
http://www.foobar.com.

Is there any way to override the cookie domain that Tomcat uses when it 
creates a cookie?

If there is not a way to do that, then should I forego the usage of 
Tomcat's session cookies and create my own cookies for session 
management?  Is there a better way?

--
John Gibson


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message